School’s in for summer. The accreditation body responsible for implementing the Defense Department’s Cybersecurity Maturity Model Certification program will soon start accepting applications for the first set of students to fine-tune its assessor training program.
With the finalization of an acquisition rule change this fall, the CMMC will institute a system of independent third-party audits to validate the cybersecurity practices of companies within the defense industrial base. For the most part, defense contractors are currently just pledging their adherence to required security controls.
DOD will soon finalize a training course prospective auditors will have to pass.
Then, “once we have the training course ready and we’re happy with it, we’re going to go out to industry and recruit what I call the first class of assessors who are going to sit through this course,” said Ben Tchoubineh, chair of the CMMC Accreditation Body’s training committee.
Tchoubineh illuminated the body’s planned training program in a recording the group posted today.
The 60 students selected to be in the first class should actually be highly experienced assessors, who Tchoubineh said would provide feedback on the training and help them “perfect the system before they really open up to the world.”
Once the accreditation body chooses the 60 individuals from its application pool, training will start in the summer and will be capped by an exam. Assessors will then be able to audit an initial set of companies seeking certification.
That will be the first phase of rolling out the training program, which should be completed within three to six months, Tchoubineh said, and is meant to enable meeting DOD’s timeline for certifying companies.
Trainees and compani ..
Support the originator by clicking the read the rest link below.
